Lucene search
MitreCVE-2005-3845HistoryNov 26, 2005 - 10:03 p.m.
CVE-2005-3845
2005-11-2622:03:00
CWE-89
mitre
web.nvd.nist.gov
24
cve-2005-3845
sql injection
ez invoice inc 2.0
remote attackers
arbitrary commands
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
8.8
Confidence
Low
EPSS
0.009
Percentile
82.8%
SQL injection vulnerability in invoices.php in EZ Invoice Inc 2.0 allows remote attackers to execute arbitrary SQL commands via the i parameter. NOTE: the vendor has stated “EZ Invoice, Inc has a patah available. Please email [email protected] and EZI will email you the patch to fix this small issue.”
Affected configurations
Node
ezinvoiceincez_invoice_incMatch2.0
| Vendor | Product | Version | CPE |
|---|---|---|---|
| ezinvoiceinc | ez_invoice_inc | 2.0 | cpe:2.3:a:ezinvoiceinc:ez_invoice_inc:2.0:*:*:*:*:*:*:* |
Related
exploitdb
exploitdb
EZ Invoice Inc. EZI 2.0 - 'Invoices.php' SQL Injection
2005-12-25 00:00:00
cvelist
cvelist
CVE-2005-3845
2005-11-26 22:00:00
nvd
nvd
CVE-2005-3845
2005-11-26 22:03:00
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
8.8
Confidence
Low
EPSS
0.009
Percentile
82.8%
Related for CVE-2005-3845